About
GreenNetGreenNet
supports a progressive community working for Peace, the Environment,
Gender Equality and Social Justice, through the use of Information Communication
Technologies (ICTs). GreenNet services are specifically tailored to
meet the needs of civil society organisations and include: email, webhosting,
dynamic website development and consultancy, training. GreenNet is a
member of ISPA (Internet Service Providers Association) and is registered
with CISAS (Communications and Internet Services Adjudication Scheme).
GreenNet is an ethical not-for-profit collective and as such has a non-hierarchial
structure with any profits going to its parent charity, GET (GreenNet
Educational Trust). GreenNet is an equal opportunities employer and
our approach to all areas of our work embraces the principle of equality
and equity for all. GreenNet has an environmental policy which covers
all aspects of GreenNet's operations (available on request).

Purpose
of this document
We have prepared this document to: further explain your relationship
with us, your supplier; let you know what information about you is stored,
how it is stored, for how long it is stored; and explain our policy
for ensuring that your data protection needs are treated with the utmost
seriousness. GreenNet recognises that the relationship between GreenNet
and our users is a confidential one. GreenNet is a 'Registered Data
Controller'. Our entry can be checked on the Data Protection Register
under Registration Number: K0657188 at http://www.dpr.gov.uk/search.html
This document is updated as and when is necessary, and at least in accordance
with Oftel/Ofcom requirements. Any questions about this document or
GreenNet services, please email: support@gn.apc.org.

Data
Retention of and access to Communications data
Parliament enacted an Order which came into force on December 5th 2003,
approving a voluntary code of practice in relation to ISP retention of
and access to 'Communications Data' - confidential user information.

As a not-for-profit ISP dedicated to supporting and promoting groups
and individuals working for peace, human rights, gender equality, social
justice and the environment through the use of ICTs, we aim to realise
the rights of all individuals in the UK to enjoy full access to information
and communication services.

GreenNet has participated in good faith in various consultations throughout
this process, outlining its concerns with respect proposals for retention
of data, whether voluntary or mandatory. We remain deeply concerned
that the voluntary code is not compliant with data protection principles
and Human Rights standards.

To this end, GreenNet will not participate in the voluntary
retention scheme and is principally bound to retain its current data
retention policy, outlined below, in the interest of defending the rights
of our user community.

Our responses to the consultation and further justification of our
position can be found here (voluntary
retention of data) and here (access
to communications data). In making this submission, GreenNet Limited
alludes not only to those who are privileged to make use of communication
services at present, but also takes into consideration the potential
of a free and open communication network to benefit the realisation
of social, political, economic and human rights for all in the UK.

Why
is information stored?
GreenNet holds user data for Billing and Support purposes. This allows
us to fulfill various administrative functions such as issuing invoices,
recording payments and answering user support queries. We may also use
information when:

informing users about new GreenNet services

distributing newsletters and alerts which we feel would be of interest

distributing
announcements about training activities and new projects

These purposes are consistent with the 8 UK Data Protection Principles
which state that:

1. Processing of personal data must be done fairly and lawfully.
2. Personal data should be obtained only for specified purposes and
must be processed in a manner compatible with those purposes.
3. Personal data must be adequate, relevant, and not excessive in
relation to those purposes.
4. Personal data must be accurate and, where necessary, kept up to
date.
5. Personal data should not be kept longer than necessary.
6. Personal data must be processed in accordance with the rights of
data subjects under the current Data Protection Act.
7. Technical and organisational measures can be taken against unauthorised
or unlawful processing of personal data and against accidental loss,
destruction or damage to personal data.
8. Personal data should not be transferred outside the European Economic
Area unless to a country or territory that ensures an adequate level
of protection for the rights and freedoms of data subjects in relation
to the processing of personal data.

GreenNet will not give user information to ANY agency, organisation
or company for the purposes of direct marketing.

GreenNet will not disclose confidential information to any third
party without your implicit or explicit consent - [implicit authorisation
could mean, for example, that the information requested is publicly
available, eg on the user's Website, via a 'Whois' lookup, or other
publicly published databases)] - unless compelled by law to do
so.

In
this situation, we would only disclose such information if the following
conditions exist:

the law is compliant with existing Data Protection principles and
Human Rights standards.

we have received a court order

GreenNet
considers that there is a compelling justification for disclosure;

In the absence of such conditions, GreenNet is principally bound to
protect your confidential information and inform you if any third party
tries to obtain your confidential information.

GreenNet does not share personal data with third parties,
except as described above. All staff have clear guidelines to determine
whether a user has identified themselves sufficiently for a change
of account or disclosure of information and are aware that the unauthorised
or illegal disclosure of personal details about users is not allowed.

'Third
Parties' could include:

Other network operators who may contact GreenNet when it is alleged
that a GreenNet user has breached their Acceptable Use Policy (AUP)
which may have affected the network integrity of a third party's network

Sales and marketing companies

Law enforcement
agencies and Government Departments

How
can inaccurate data be corrected?
There is an annual mail out for users to correct their data or, you
can contact us to amend your details at any time.